webPromedium

Lab 59 — NetPulse — RCE via Command Injection in Network Diagnostics

hackadvisor

Task: NetPulse monitoring platform with Network Diagnostics module that passes user-supplied interface name directly to shell command without sanitization. Solution: OS command injection via semicolon in iface parameter of /api/diagnostics/interface endpoint to execute arbitrary commands as root and read /root/flag.txt.

command_injection docker rce nodejs nginx express os_command_injection honeypot_flag network_diagnostics shell_metacharacter ifconfig root_container api_parameter_injection

api_parameter_tamperinghoneypot_flag_detectionos_command_injection_via_semicolonshell_metacharacter_injectionunsanitized_shell_exec

$ ls tags/ techniques/

command_injection docker rce nodejs nginx express os_command_injection honeypot_flag network_diagnostics shell_metacharacter ifconfig root_container api_parameter_injection

api_parameter_tamperinghoneypot_flag_detectionos_command_injection_via_semicolonshell_metacharacter_injectionunsanitized_shell_exec

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

Sign in with GitHub, Discord, or Google to continue. No email required.

$sign in

$ grep --similar

Similar writeups

[web][Pro]Lab 322 — NetPulse — IP Spoofing to RCE via Polling Agent API— hackadvisor
[web][Pro]Lab 63 — DataPulse — Insecure Deserialization via Preferences Cookie— hackadvisor
[web][Pro]Lab 384 — DevPulse — RCE via AI Log Assistant Prompt Injection— hackadvisor
[web][Pro]CloudPulse — OAuth CSRF Account Takeover via Missing State Parameter— hackadvisor
[web][Pro]Lab 56 — DataPulse — XXE to SSRF via SVG Avatar Upload— hackadvisor